package jdbc;

import socket.DBUtil;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

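/**
 * Precompiled SQL statements ({@link PreparedStatement}).
 *
 * <p>When a SQL statement has to include user-supplied data, concatenating that data
 * into the SQL text lets the input change the meaning of the statement (SQL injection).
 * This demo instead keeps the SQL text constant and passes the user's values through
 * {@code ?} placeholders, so they are treated as data and never as SQL syntax.
 */
public class JDBCDemo7 {
    /**
     * Runs a login check: obtains a {@code UserInfo} from {@code InputUtil}, looks for a
     * row in {@code userinfo} whose username and password both match, and prints the
     * outcome to standard output.
     *
     * @param args unused
     * @throws RuntimeException wrapping any {@link SQLException} raised while connecting
     *                          or querying
     */
    public static void main(String[] args) {
        // Presumably prompts the user for the login fields; InputUtil is defined elsewhere.
        UserInfo inputObject = InputUtil.getInputObject(new UserInfo(), "欢迎登录", "登录");

        // The SQL text is a constant: no user input is ever concatenated into it.
        String sql = "SELECT id,username,password,nickname,age " +
                "FROM userinfo " +
                "WHERE username=? AND password=?";

        // Connection and statement are both declared as resources so each is closed
        // deterministically, even when binding or executing throws.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {
            // Bound values are compared as plain strings. A password such as
            //   asd' OR '1'='1
            // is matched literally against the column and cannot widen the WHERE clause.
            ps.setString(1, inputObject.getUsername());
            ps.setString(2, inputObject.getPassword());

            // NOTE(review): comparing the submitted password inside the query suggests the
            // password column holds the value as entered - confirm. Production code should
            // store a salted adaptive hash (bcrypt/scrypt/argon2), select the row by
            // username only, and verify the hash in application code.
            // NOTE(review): only the existence of a row is used below, so the password
            // column does not need to be selected back into the application.

            // executeQuery() is the call for SELECT statements; the ResultSet is closed
            // by its own try-with-resources block.
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new RuntimeException(e);
        }
    }
}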
